# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
#
import getpass
import pytest
from tests.hs2.hs2_test_suite import HS2TestSuite, needs_session
from TCLIService import TCLIService
from tests.common.custom_cluster_test_suite import CustomClusterTestSuite

USER_NAME = getpass.getuser()
PROXY_USER = "proxy_user_name"
PROXY_USER_WITH_COMMA = "proxy_user,name_2"
PROXY_USERS_ALL = "proxy_user_name/proxy_user,name_2"
PROXY_USER_DELIMITER = "/"

class TestDelegation(CustomClusterTestSuite, HS2TestSuite):

  def check_user_and_effective_user(self, proxy_user):
    execute_statement_req = TCLIService.TExecuteStatementReq()
    execute_statement_req.sessionHandle = self.session_handle
    execute_statement_req.confOverlay = dict()
    execute_statement_req.statement = \
      "SELECT effective_user(), current_user(), user(), session_user()";
    execute_statement_resp = self.hs2_client.ExecuteStatement(execute_statement_req)
    HS2TestSuite.check_response(execute_statement_resp)

    fetch_results_req = TCLIService.TFetchResultsReq()
    fetch_results_req.operationHandle = execute_statement_resp.operationHandle
    fetch_results_req.maxRows = 1
    fetch_results_resp = self.hs2_client.FetchResults(fetch_results_req)
    HS2TestSuite.check_response(fetch_results_resp)
    assert (self.column_results_to_string(fetch_results_resp.results.columns) ==
            (1, "%s, %s, %s, %s\n" % (proxy_user, proxy_user,
                                      USER_NAME, USER_NAME)))

  @pytest.mark.execute_serially
  @CustomClusterTestSuite.with_args(
    "--authorized_proxy_user_config=\"%s=%s\"" % (USER_NAME, PROXY_USER))
  @needs_session(TCLIService.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V6,
                 conf_overlay = {"impala.doas.user": PROXY_USER})
  def test_effective_user_single_proxy(self):
    '''Test that the effective user is correctly set when impala.doas.user is correct, and
    that the effective_user() builtin returns the right thing'''
    self.check_user_and_effective_user(PROXY_USER)

  @pytest.mark.execute_serially
  @CustomClusterTestSuite.with_args(
    "--authorized_proxy_user_config=\"%s=%s\"\
      --authorized_proxy_user_config_delimiter=%c" % (USER_NAME, PROXY_USERS_ALL,
      PROXY_USER_DELIMITER))
  @needs_session(TCLIService.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V6,
                 conf_overlay = {"impala.doas.user": PROXY_USER_WITH_COMMA})
  def test_effective_user_multiple_proxies(self):
    '''Test that the effective user is correctly set when there are multiple proxy users
    seperated with the authorized_user_proxy_config_delimiter and when impala.doas.user
    is correct, and that the effective_user() builtin returns the right thing'''
    self.check_user_and_effective_user(PROXY_USER_WITH_COMMA)

  @pytest.mark.execute_serially
  @CustomClusterTestSuite.with_args(
    "--authorized_proxy_user_config=\"%s=%s\"\
      --authorized_proxy_user_config_delimiter=" % (USER_NAME, PROXY_USER_WITH_COMMA))
  @needs_session(TCLIService.TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V6,
                 conf_overlay = {"impala.doas.user": PROXY_USER_WITH_COMMA})
  def test_effective_user_empty_delimiter(self):
    '''Test that the effective user is correctly set when the
    authorized_user_proxy_config_delimiter is set to the empty string and
    impala.doas.user is correct, and that the effective_user() builtin returns the
    right thing'''
    self.check_user_and_effective_user(PROXY_USER_WITH_COMMA)
